Titanium Sponsors



Platinum Sponsors

Leonardo DRS

Leonardo DRS

Gold Sponsors

Modern Technology Solutions, Inc.

Modern Technology Solutions, Inc.

University of Dayton
Department of
Computer Science

University of Dayton - Department of Computer Science



Social Media

Our LinkedIn Group: OISF at LinkedIn

OISF on YouTube: OISF on YouTube

Meeting Notes - November 10th, 2016

10th November 2016

When shopping on Amazon this holiday season, make sure to use our Amazon Smile link. It doesn't cost you anything extra and a portion of the price goes to OISF. It's a simple way to keep us running.

Discussion Stories

CubeSat Secure Communication Notes

We had a very interesting discussion on how to secure CubeSat communications, here are those notes:

  • Limitations:

    • System limitations
      • 16Mhz Processor
      • 512 kb flash storage (~256 kb workable)
      • 80 kb RAM (unknown workable amount)
      • ~800 bits per second transfer rate
        • Only works when you can see the CubeSat
        • Uses a 16-byte command string
      • Most programming done in C
      • Runs freeRTOS
    • Needs something that will survive a VERY harsh environment
      • Radiation can randomly reset the system, corrupt memory, etc
    • Unknown transfer error rate
    • No guarantees on transfer delivery (think UDP)
  • Good things:

    • An attacker breaching the system has little real consequence
      • The attacker could restart the device
      • The attacker could stop commands in progress or issue commands that the CubeSat doesn't need
      • The attacker cannot reprogram the device (firmware is set)
      • The attacker could break international radio regulations
        • This has no real effect on anyone
      • The attack could be annoying, but cannot cause damage
  • Thoughts on securing the communications channel:

    • Encryption:
    • Command signing?
    • DirectTV-style Memory Puzzle
      • Send the command as small pieces of useless memory and memory locations that a C program will put into a buffer
      • Once enough pieces have been send, the c program can re-arrage the resulting data into a legitimate command
      • Only the architect of the program knows the correct sequence and memory locations
  • Other notes:

OISF lives on your donations. Shake down your boss: Become a donor today. OISF is a 501c3 organization and donations are tax deductible. For more information, email info@ohioinfosec.org.